1. Field of the Invention
The present invention relates to a short message service security system using a H/W-based security module such as an MTM and a method thereof, and particularly, to an MTM-based short message service security system capable of preventing a received short message from being disclosed and detecting interception of the received short message by a malicious program, and a method thereof.
2. Discussion of Related Art
A Short Message Service (SMS), which is one of representative services provided via a communication network, is a service widely used worldwide. The SMS is a service in which a short message of 140 bytes or less (140 or 160 characters) is transmitted, and is widely used between individuals in addition to serving as a liaison between companies and customers due to advantages such as simplicity of the service with no restrictions on location. In particular, the SMS is widely used in the fields such as mobile payment, banking, and shopping, and also used as a method for user authentication.
In order to secure the SMS widely used in this manner, various inventions have been proposed for a long time. However, in the related art, research on security methods for the SMS has been conducted focusing on a process of transmitting messages between terminals or between a terminal and a server. That is, research has been conducted focusing on a method of preventing messages from being disclosed (intercepted or eavesdropped), changed, or lost by third-parties (attackers) in a message delivering process via a communication network, a sender or recipient identity checking method for preventing SMS spoofing, and the like.
In mobile phones used before the emergence of smartphones, only programs generated by mobile phone manufacturers could be installed on mobile phones. Accordingly, there was only one program for receiving short messages, and it was difficult to install malicious code on mobile phones. Therefore, there were no high security concerns for messages received in mobile phones.
However, smartphones, which have been recently widely used, have features, for example, various programs (APPs) can be installed on smartphones according to user preference, and resources such as text messages are shared and used by several programs (APPs) rather than being used only by one program. Due to such features, many malicious codes have already been actually distributed through smartphones. Among these, a significant amount of malicious codes access short messages. As an example, in Android-based smartphones, malicious code, which intercepts text messages for transmitting an authentication number and transmits the intercepted messages to the outside, have been distributed, which results in financial loss of users. That is, in such smartphone environments, safety of text messages received in terminals is not guaranteed anymore. Therefore, a method of protecting short messages safely inside the terminal is necessary.